All Versions
132
Latest Version
Avg Release Cycle
26 days
Latest Release
-

Changelog History
Page 3

  • v0.33.5 Changes

    May 28, 2020

    May 28, 2020

    ๐Ÿš€ Special thanks to external contributors on this release: @tau3,

    Friendly reminder, we have a bug bounty program.

    ๐Ÿ’ฅ BREAKING CHANGES:

    • Go API

      • [privval] #4744 Remove deprecated OldFilePV (@melekes)
      • [mempool] #4759 Modify Mempool#InitWAL to return an error (@melekes)
      • [node] #4832 ConfigureRPC returns an error (@melekes)
      • [rpc] #4836 Overhaul lib folder (@melekes) Move lib/ folder to jsonrpc/. Rename: rpc package -> jsonrpc package rpcclient package -> client package rpcserver package -> server package JSONRPCClient to Client JSONRPCRequestBatch to RequestBatch JSONRPCCaller to Caller StartHTTPServer to Serve StartHTTPAndTLSServer to ServeTLS NewURIClient to NewURI NewJSONRPCClient to New NewJSONRPCClientWithHTTPClient to NewWithHTTPClient NewWSClient to NewWS Unexpose ResponseWriterWrapper Remove unused http_params.go

    ๐Ÿ”‹ FEATURES:

    • [pex] #4439 Use highwayhash for pex buckets (@tau3)

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ–จ [abci/server] #4719 Print panic & stack trace to STDERR if logger is not set (@melekes)
    • [types] #4638 Implement Header#ValidateBasic (@alexanderbez)
    • [buildsystem] #4378 Replace build_c and install_c with TENDERMINT_BUILD_OPTIONS parsing. The following options are available:
      • nostrip: don't strip debugging symbols nor DWARF tables.
      • cleveldb: use cleveldb as db backend instead of goleveldb.
      • race: pass -race to go build and enable data race detection.
    • [mempool] #4759 Allow ReapX and CheckTx functions to run in parallel (@melekes)
    • ๐Ÿ”’ [rpc/core] #4844 Do not lock consensus state in /validators, /consensus_params and /status (@melekes)

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ“Œ [blockchain/v2] #4761 Fix excessive CPU usage caused by spinning on closed channels (@erikgrinaker)
    • [blockchain/v2] Respect fast_sync option (@erikgrinaker)
    • [light] #4741 Correctly return ErrSignedHeaderNotFound and ErrValidatorSetNotFound on corresponding RPC errors (@erikgrinaker)
    • [rpc] #4805 Attempt to handle panics during panic recovery (@erikgrinaker)
    • [types] #4764 Return an error if voting power overflows in VerifyCommitTrusting (@melekes)
    • [privval] #4812 Retry GetPubKey/SignVote/SignProposal a few times before returning an error (@melekes)
    • [p2p] #4847 Return masked IP (not the actual IP) in addrbook#groupKey (@melekes)
  • v0.33.4 Changes

    April 21, 2020
    • ๐Ÿšš Nodes are no longer guaranteed to contain all blocks up to the latest height. The ABCI app can now control which blocks to retain through the ABCI field ResponseCommit.retain_height, all blocks and associated data below this height will be removed.

    April 21, 2020

    ๐Ÿš€ Special thanks to external contributors on this release: @whylee259, @greg-szabo

    Friendly reminder, we have a bug bounty program.

    ๐Ÿ’ฅ BREAKING CHANGES:

    • Go API

      • [lite2] #4616 Make maxClockDrift an option Verify/VerifyAdjacent/VerifyNonAdjacent now accept maxClockDrift time.Duration (@melekes).
      • [rpc/client] #4628 Split out HTTP and local clients into http and local packages (@erikgrinaker).

    ๐Ÿ”‹ FEATURES:

    • ๐Ÿšš [abci] #4588 Add ResponseCommit.retain_height field, which will automatically remove blocks below this height. This bumps the ABCI version to 0.16.2 (@erikgrinaker).
    • [cmd] #4665 New tendermint completion command to generate Bash/Zsh completion scripts (@alessio).
    • [rpc] #4588 Add /status response fields for the earliest block available on the node (@erikgrinaker).
    • [rpc] #4611 Add codespace to ResultBroadcastTx (@whylee259).

    ๐Ÿ‘Œ IMPROVEMENTS:

    • [all] #4608 Give reactors descriptive names when they're initialized (@tessr).
    • [blockchain] #4588 Add Base to blockchain reactor P2P messages StatusRequest and StatusResponse (@erikgrinaker).
    • ๐Ÿณ [Docker] #4569 Default configuration added to docker image (you can still mount your own config the same way) (@greg-szabo).
    • [example/kvstore] #4588 Add RetainBlocks option to control block retention (@erikgrinaker).
    • [evidence] #4632 Inbound evidence checked if already existing (@cmwaters).
    • [lite2] #4575 Use bisection for within-range verification (@cmwaters).
    • [lite2] #4562 Cache headers when using bisection (@cmwaters).
    • [p2p] #4548 Add ban list to address book (@cmwaters).
    • [privval] #4534 Add error as a return value onGetPubKey() (@marbar3778).
    • [p2p] #4621 Ban peers when messages are unsolicited or too frequent (@cmwaters).
    • [rpc] #4703 Add count and total to /validators response (@melekes).
    • ๐Ÿณ [tools] #4615 Allow developers to use Docker to generate proto stubs, via make proto-gen-docker (@erikgrinaker).

    ๐Ÿ› BUG FIXES:

    • [rpc] #4568 Fix panic when Subscribe is called, but HTTP client is not running. Subscribe, Unsubscribe(All) methods return an error now (@melekes).
  • v0.33.3 Changes

    April 6, 2020

    ๐Ÿš€ This security release fixes:

    Denial of service 1

    Tendermint 0.33.2 and earlier does not limit P2P connection requests number. For each p2p connection, Tendermint allocates ~0.5MB. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions.

    Tendermint 0.33.3 (and 0.32.10) limits the total number of P2P incoming connection requests to to p2p.max_num_inbound_peers + len(p2p.unconditional_peer_ids).

    Notes:

    • Tendermint does not rate limit P2P connection requests per IP (an attacker can saturate all the inbound slots);
    • Tendermint does not rate limit HTTP(S) requests. If you expose any RPC endpoints to the public, please make sure to put in place some protection (https://www.nginx.com/blog/rate-limiting-nginx/). We may implement this in the future (#1696).

    Denial of service 2

    Tendermint 0.33.2 and earlier does not reclaim activeID of a peer after it's โœ‚ removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and โž• added to all reactors. RemovePeer is therefore called before AddPeer, which leads to always growing memory (activeIDs map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting Denial of service 1), which ultimately will lead to the node panicking.

    Tendermint 0.33.3 (and 0.32.10) claims activeID for a peer in InitPeer, which is executed before MConnection is started.

    Notes:

    • InitPeer function was added to all reactors to combat a similar issue - #3338;
    • Denial of service 2 is independent of Denial of service 1 and can be executed without it.

    โฌ†๏ธ All clients are recommended to upgrade

    Special thanks to fudongbai for finding and reporting this.

    Friendly reminder, we have a bug bounty program.

    ๐Ÿ”’ SECURITY:

    • [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
    • [p2p] Limit the number of incoming connections (@melekes)
  • v0.33.2 Changes

    March 11, 2020

    ๐Ÿš€ Special thanks to external contributors on this release: @antho1404, @michaelfig, @gterzian, @tau3, @Shivani912

    Friendly reminder, we have a bug bounty program.

    ๐Ÿ’ฅ BREAKING CHANGES:

    • CLI/RPC/Config

      • [cli] #4505 tendermint lite sub-command new syntax (@melekes): lite cosmoshub-3 -p 52.57.29.196:26657 -w public-seed-node.cosmoshub.certus.one:26657 --height 962118 --hash 28B97BE9F6DE51AC69F70E0B7BFD7E5C9CD1A595B7DC31AFF27C50D4948
    • Go API

      • [lite2] #4535 Remove Start/Stop (@melekes)
      • [lite2] #4469 Remove RemoveNoLongerTrustedHeaders and RemoveNoLongerTrustedHeadersPeriod option (@cmwaters)
      • [lite2] #4473 Return height as a 2nd param in TrustedValidatorSet (@melekes)
      • [lite2] #4536 Update returns a signed header (1st param) (@melekes)

    ๐Ÿ‘Œ IMPROVEMENTS:

    • [blockchain/v2] #4361 Add reactor (@brapse)
    • [cmd] #4515 Change tendermint debug dump sub-command archives filename's format (@melekes)
    • ๐ŸŒฒ [consensus] #3583 Reduce non-deterministic signature log noise (@tau3)
    • [examples/kvstore] #4507 ABCI query now returns the proper height (@erikgrinaker)
    • [lite2] #4462 Add NewHTTPClient and NewHTTPClientFromTrustedStore (@cmwaters)
    • [lite2] #4329 modified bisection to loop (@cmwaters)
    • [lite2] #4385 Disconnect from bad nodes (@melekes)
    • [lite2] #4398 Add VerifyAdjacent and VerifyNonAdjacent funcs (@cmwaters)
    • [lite2] #4426 Don't save intermediate headers (@cmwaters)
    • [lite2] #4464 Cross-check first header (@cmwaters)
    • [lite2] #4470 Fix inconsistent header-validatorset pairing (@melekes)
    • [lite2] #4488 Allow local clock drift -10 sec. (@melekes)
    • [p2p] #4449 Use curve25519.X25519() instead of ScalarMult (@erikgrinaker)
    • ๐Ÿ‘Œ [types] #4417 VerifyCommitX() functions should return as soon as +2/3 threshold is reached (@alessio).
    • ๐Ÿšš [libs/kv] #4542 remove unused type KI64Pair (@tessr)

    ๐Ÿ› BUG FIXES:

    • [cmd] #4303 Show useful error when Tendermint is not initialized (@melekes)
    • ๐Ÿ›  [cmd] #4515 Fix tendermint debug kill sub-command (@melekes)
    • [rpc] #3935 Create buffered subscriptions on /subscribe (@melekes)
    • โฑ [rpc] #4375 Stop searching for txs in /tx_search upon client timeout (@gterzian)
    • [rpc] #4406 Fix issue with multiple subscriptions on the websocket (@antho1404)
    • [rpc] #4432 Fix /tx_search pagination with ordered results (@erikgrinaker)
    • [rpc] #4492 Keep the original subscription "id" field when new RPCs come in (@michaelfig)
  • v0.33.1 Changes

    February 14, 2020

    Feburary 13, 2020

    ๐Ÿš€ Special thanks to external contributors on this release: @princesinha19

    Friendly reminder, we have a bug bounty program.

    ๐Ÿ”‹ FEATURES:

    • [rpc] #3333 Add order_by to /tx_search endpoint, allowing to change default ordering from asc to desc (@princesinha19)

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ‘• [proto] #4369 Add buf for usage with linting and checking if there are breaking changes with the master branch.
    • [proto] #4369 Add make proto-gen cmd to generate proto stubs outside of GOPATH.

    ๐Ÿ› BUG FIXES:

    • [node] #4311 Use GRPCMaxOpenConnections when creating the gRPC server, not MaxOpenConnections
    • [rpc] #4319 Check BlockMeta is not nil in /block & /block_by_hash
  • v0.33.1-dev3

    March 09, 2020
  • v0.33.1-dev2

    February 27, 2020
  • v0.33.1-dev1

    February 26, 2020
  • v0.33.1-dev0

    February 07, 2020
  • v0.33 Changes

    ๐Ÿš€ Special thanks to external contributors on this release: @mrekucci, @PSalant726, @princesinha19, @greg-szabo, @dongsam, @cuonglm, @jgimeno, @yenkhoon

    Friendly reminder, we have a bug bounty program..

    January 14, 2020

    ๐Ÿš€ This release contains breaking changes to the Block#Header, specifically ๐Ÿšš NumTxs and TotalTxs were removed (#2521). Here's how this change affects different modules:

    • apps: it breaks the ABCI header field numbering
    • state: it breaks the format of State on disk
    • RPC: all RPC requests which expose the header broke
    • Go API: the Header broke
    • P2P: since blocks go over the wire, technically the P2P protocol broke

    Also, blocks are significantly smaller ๐Ÿ”ฅ because we got rid of the redundant information in Block#LastCommit. Commit now mainly consists of a signature ๐Ÿšš and a validator address plus a timestamp. Note we may remove the validator โž• address & timestamp fields in the future (see ADR-25).

    ๐Ÿ“ฆ lite2 package has been added to solve lite issues and introduce weak subjectivity interface. Refer to the spec for complete details. ๐Ÿš€ lite package is now deprecated and will be removed in v0.34 release.

    ๐Ÿ’ฅ BREAKING CHANGES:

    • CLI/RPC/Config

      • [rpc] #3471 Paginate /validators response (default: 30 vals per page)
      • [rpc] #3188 Remove BlockMeta in ResultBlock in favor of BlockId for /block
      • [rpc] /block_results response format updated (see RPC docs for details) { "jsonrpc": "2.0", "id": "", "result": { "height": "2109", "txs_results": null, "begin_block_events": null, "end_block_events": null, "validator_updates": null, "consensus_param_updates": null } }
      • [rpc] #4141 Remove #event suffix from the ID in event responses. {"jsonrpc": "2.0", "id": 0, "result": ...}
      • [rpc] #4141 Switch to integer IDs instead of json-client-XYZ id=0 method=/subscribe id=0 result=... id=1 method=/abci_query id=1 result=...
      • ID is unique for each request;
      • Request.ID is now optional. Notification is a Request without an ID. Previously ID="" or ID=0 were considered as notifications.
      • [config] #4046 Rename tag(s) to CompositeKey & places where tag is still present it was renamed to event or events. Find how a compositeKey is constructed here
      • You will have to generate a new config for your Tendermint node(s)
      • [genesis] #2565 Add consensus_params.evidence.max_age_duration. Rename consensus_params.evidence.max_age to max_age_num_blocks.
      • [cli] #1771 tendermint lite now uses new light client package (lite2) and has 3 more flags: --trusting-period, --trusted-height and --trusted-hash
    • Apps

    • Go API

      • [rpc] #3953 Modify NewHTTP, NewXXXClient functions to return an error on invalid remote instead of panicking (@mrekucci)
      • [rpc/client] #3471 Validators now requires two more args: page and perPage
      • [libs/common] #3262 Make error the last parameter of Task (@PSalant726)
      • [cs/types] #3262 Rename GotVoteFromUnwantedRoundError to ErrGotVoteFromUnwantedRound (@PSalant726)
      • [libs/common] #3862 Remove errors.go from libs/common
      • [libs/common] #4230 Move KV out of common to its own pkg
      • [libs/common] #4230 Rename cmn.KVPair(s) to kv.Pair(s)s
      • [libs/common] #4232 Move Service & BaseService from libs/common to libs/service
      • [libs/common] #4232 Move common/nil.go to types/utils.go & make the functions private
      • [libs/common] #4231 Move random functions from libs/common into pkg rand
      • [libs/common] #4237 Move byte functions from libs/common into pkg bytes
      • [libs/common] #4237 Move throttletimer functions from libs/common into pkg timer
      • [libs/common] #4237 Move tempfile functions from libs/common into pkg tempfile
      • [libs/common] #4240 Move os functions from libs/common into pkg os
      • [libs/common] #4240 Move net functions from libs/common into pkg net
      • [libs/common] #4240 Move mathematical functions and types out of libs/common to math pkg
      • [libs/common] #4240 Move string functions out of libs/common to strings pkg
      • [libs/common] #4240 Move async functions out of libs/common to async pkg
      • [libs/common] #4240 Move bit functions out of libs/common to bits pkg
      • [libs/common] #4240 Move cmap functions out of libs/common to cmap pkg
      • [libs/common] #4258 Remove Rand from all rand pkg functions
      • [types] #2565 Remove MockBadEvidence & MockGoodEvidence in favor of MockEvidence
    • Blockchain Protocol

      • [abci] #2521 Remove TotalTxs and NumTxs from Header
      • [types] #4151 Enforce ordering of votes in DuplicateVoteEvidence to be lexicographically sorted on BlockID
      • [types] #1648 Change Commit to consist of just signatures
    • P2P Protocol

      • [p2p] #3668 Make SecretConnection non-malleable
    • [proto] #3986 Prefix protobuf types to avoid name conflicts.

      • ABCI becomes tendermint.abci.types with the new API endpoint /tendermint.abci.types.ABCIApplication/
      • core_grpc becomes tendermint.rpc.grpc with the new API endpoint /tendermint.rpc.grpc.BroadcastAPI/
      • merkle becomes tendermint.crypto.merkle
      • libs.common becomes tendermint.libs.common
      • proto3 becomes tendermint.types.proto3

    ๐Ÿ”‹ FEATURES:

    • [p2p] #4053 Add unconditional_peer_ids and persistent_peers_max_dial_period config variables (see ADR-050) (@dongsam)
    • [tools] #4227 Implement tendermint debug kill and tendermint debug dump commands for Tendermint node debugging functionality. See --help in both commands for further documentation and usage.
    • [cli] #4234 Add --db_backend and --db_dir flags (@princesinha19)
    • [cli] #4113 Add optional --genesis_hash flag to check genesis hash upon startup
    • ๐Ÿ‘ [config] #3831 Add support for RocksDB (@Stumble)
    • [rpc] #3985 Add new /block_by_hash endpoint, which allows to fetch a block by its hash (@princesinha19)
    • [metrics] #4263 Add
      • consensus_validator_power: track your validators power
      • consensus_validator_last_signed_height: track at which height the validator last signed
      • consensus_validator_missed_blocks: total amount of missed blocks for a validator as gauges in prometheus for validator specific metrics
    • ๐Ÿ‘ [rpc/lib] #4248 RPC client basic authentication support (@greg-szabo)
    • [lite2] #1771 Light client with weak subjectivity

    ๐Ÿ‘Œ IMPROVEMENTS:

    • [rpc] #3188 Added block_size to BlockMeta this is reflected in /blockchain
    • [types] #2521 Add NumTxs to BlockMeta and EventDataNewBlockHeader
    • [p2p] #4185 Simplify SecretConnection handshake with merlin
    • [cli] #4065 Add --consensus.create_empty_blocks_interval flag (@jgimeno)
    • [docs] #4065 Document --consensus.create_empty_blocks_interval flag (@jgimeno)
    • [crypto] #4190 Added SR25519 signature scheme
    • [abci] [#4177] kvstore: Return LastBlockHeight and LastBlockAppHash in Info (@princesinha19)
    • [rpc] #2741 Add proposer to /consensus_state response (@princesinha19)
    • โšก๏ธ [deps] #4289 Update tm-db to 0.4.0, this includes major breaking changes in the dep that change how errors are handled.

    ๐Ÿ› BUG FIXES:

    • [rpc/lib]#4051 Fix RPC client, which was previously resolving https protocol to http (@yenkhoon)
    • [rpc] #4141 JSONRPCClient: validate that Response.ID matches Request.ID
    • [rpc] #4141 WSClient: check for unsolicited responses
    • โšก๏ธ [types] \4164 Prevent temporary power overflows on validator updates
    • [cs] #4069 Don't panic when block meta is not found in store (@gregzaitsev)
    • โšก๏ธ [types] #4164 Prevent temporary power overflows on validator updates (joint efforts of @gchaincl and @ancazamfir)
    • [p2p] #4140 SecretConnection: use the transcript solely for authentication (i.e. MAC)
    • [consensus/types] #4243 fix BenchmarkRoundStateDeepCopy panics (@cuonglm)
    • [rpc] #4256 Pass outCapacity to eventBus#Subscribe when subscribing using a local client